#!/bin/bash

# Exit on error
trap 'exit' ERR

# Colours
reset=$(tput sgr0)
bold=$(tput bold)
blue=$(tput setaf 4)

app='Phoenix'
sign_update="$PWD/Pods/Sparkle/bin/sign_update"

# Unset arguments
unset code_sign_identity
unset output_directory

# Helpers

help() {
  echo >&2 "\
${bold}Usage:${reset} $(basename $0) -s code-sign-identity -o output-directory

notarytool will use a Keychain profile with the name “NOTARISATION_PASSWORD” for authentication.
Use “xcrun notarytool store-credentials” to store the credentials.

Arguments:
  -s code-sign-identity     used to sign the app
  -o output-directory       where the app archive is created"
}

missing_argument() {
  echo >&2 "Option -$1 requires an argument."
}

non_existent_path() {
  echo >&2 "Path “$1” does not exist."
}

describe() {
  echo -e "\n${bold}${blue}${1}${reset}\n"
}

get_property() {
  /usr/libexec/PlistBuddy -c "Print $1" "$2"
}

get_build_setting() {
  xcodebuild -showBuildSettings | grep "$1" | tr -d "$1 = "
}

# Parse arguments
while getopts 'u:s:d:o:' opt; do
  case $opt in
    s) code_sign_identity=$OPTARG;;
    o) output_directory=$OPTARG;;

    :)
      missing_argument $OPTARG
      exit 1
    ;;

    ?)
      help
      exit 1
    ;;
  esac
done

# Invalid arguments
if [ ! "$code_sign_identity" ] || [ ! "$output_directory" ]; then
  help
  exit 1
fi

# Verify paths

if [ ! -d "$output_directory" ]; then
  non_existent_path "$output_directory"
  exit 1
fi

# Build app

build_directory="$PWD/build"
version=$(get_build_setting 'MARKETING_VERSION')
build_number=$(get_build_setting 'CURRENT_PROJECT_VERSION')
notarisation_archive="phoenix-$version.zip"
archive="phoenix-$version.tar.gz"

if [ -f "$output_directory/$archive" ]; then
  echo "Archive “"$archive"” already exists. Exiting..."
  exit 1
fi

describe "Building $app..."

rm -rf $build_directory

xcodebuild -workspace $app.xcworkspace \
           -scheme $app \
           -configuration Release \
           -archivePath "$build_directory/$app.xcarchive" \
           CODE_SIGN_IDENTITY="$code_sign_identity" \
           clean archive

xcodebuild -archivePath "$build_directory/$app.xcarchive" \
           -exportArchive \
           -exportPath $build_directory \
           -exportOptionsPlist export.plist

# Verify app

describe 'Verifying signed app...'

cd $build_directory
codesign --verbose=4 --verify $app.app
spctl --verbose=4 --assess --type execute $app.app

# Notarise app

describe 'Notarising app...'

echo 'Creating archive for notarisation...'
ditto -c -k --keepParent $app.app $notarisation_archive

echo 'Uploading archive to notarisation service...'
xcrun notarytool submit --wait --keychain-profile 'NOTARISATION_PASSWORD' $notarisation_archive

# Staple app

describe 'Stapling app...'

xcrun stapler staple $app.app

# Archive app

describe 'Archiving app...'

tar czf "$output_directory/$archive" $app.app
echo "Archived to “"$output_directory/$archive"”."
cd $output_directory

# Create EdDSA-signature

describe 'Creating EdDSA-signature for archive...'

eddsa_signature=$($sign_update $archive | perl -ne '/sparkle:edSignature="(.+)" / && print $1')
echo "EdDSA: $eddsa_signature"

# Collect information

describe 'Collecting release information...'

echo "Date: $(LANG=en date '+%a, %d %b %Y %T %z')"
echo "Version: $version ($build_number)"
echo "Archive: $archive"
echo "Size: $(stat -f '%z' $archive)"
echo "SHA-256: $(shasum -a 256 $archive)"
echo "EdDSA signature: $eddsa_signature"

describe 'Done.'
